42 					       const u8 *pos, size_t len)  in tls_process_server_hello_extensions()  argument
44 	const u8 *end = pos + len;  in tls_process_server_hello_extensions()
47 		    pos, len);  in tls_process_server_hello_extensions()
48 	while (pos < end) {  in tls_process_server_hello_extensions()
51 		if (end - pos < 4) {  in tls_process_server_hello_extensions()
56 		ext = WPA_GET_BE16(pos);  in tls_process_server_hello_extensions()
57 		pos += 2;  in tls_process_server_hello_extensions()
58 		elen = WPA_GET_BE16(pos);  in tls_process_server_hello_extensions()
59 		pos += 2;  in tls_process_server_hello_extensions()
61 		if (elen > end - pos) {  in tls_process_server_hello_extensions()
69 			    pos, elen);  in tls_process_server_hello_extensions()
71 		pos += elen;  in tls_process_server_hello_extensions()
81 	const u8 *pos, *end;  in tls_process_server_hello()  local
94 	pos = in_data;  in tls_process_server_hello()
101 	if (*pos != TLS_HANDSHAKE_TYPE_SERVER_HELLO) {  in tls_process_server_hello()
103 			   "message %d (expected ServerHello)", *pos);  in tls_process_server_hello()
109 	pos++;  in tls_process_server_hello()
111 	len = WPA_GET_BE24(pos);  in tls_process_server_hello()
112 	pos += 3;  in tls_process_server_hello()
120 	wpa_hexdump(MSG_MSGDUMP, "TLSv1: ServerHello", pos, len);  in tls_process_server_hello()
121 	end = pos + len;  in tls_process_server_hello()
124 	if (end - pos < 2)  in tls_process_server_hello()
126 	tls_version = WPA_GET_BE16(pos);  in tls_process_server_hello()
130 			   "ServerHello %u.%u", pos[0], pos[1]);  in tls_process_server_hello()
135 	pos += 2;  in tls_process_server_hello()
142 	if (end - pos < TLS_RANDOM_LEN)  in tls_process_server_hello()
145 	os_memcpy(conn->server_random, pos, TLS_RANDOM_LEN);  in tls_process_server_hello()
146 	pos += TLS_RANDOM_LEN;  in tls_process_server_hello()
151 	if (end - pos < 1)  in tls_process_server_hello()
153 	if (end - pos < 1 + *pos || *pos > TLS_SESSION_ID_MAX_LEN)  in tls_process_server_hello()
155 	if (conn->session_id_len && conn->session_id_len == *pos &&  in tls_process_server_hello()
156 	    os_memcmp(conn->session_id, pos + 1, conn->session_id_len) == 0) {  in tls_process_server_hello()
157 		pos += 1 + conn->session_id_len;  in tls_process_server_hello()
161 		conn->session_id_len = *pos;  in tls_process_server_hello()
162 		pos++;  in tls_process_server_hello()
163 		os_memcpy(conn->session_id, pos, conn->session_id_len);  in tls_process_server_hello()
164 		pos += conn->session_id_len;  in tls_process_server_hello()
170 	if (end - pos < 2)  in tls_process_server_hello()
172 	cipher_suite = WPA_GET_BE16(pos);  in tls_process_server_hello()
173 	pos += 2;  in tls_process_server_hello()
206 	if (end - pos < 1)  in tls_process_server_hello()
208 	if (*pos != TLS_COMPRESSION_NULL) {  in tls_process_server_hello()
210 			   "compression 0x%02x", *pos);  in tls_process_server_hello()
215 	pos++;  in tls_process_server_hello()
217 	if (end - pos >= 2) {  in tls_process_server_hello()
220 		ext_len = WPA_GET_BE16(pos);  in tls_process_server_hello()
221 		pos += 2;  in tls_process_server_hello()
222 		if (end - pos < ext_len) {  in tls_process_server_hello()
225 				   ext_len, (unsigned int) (end - pos));  in tls_process_server_hello()
229 		if (tls_process_server_hello_extensions(conn, pos, ext_len))  in tls_process_server_hello()
231 		pos += ext_len;  in tls_process_server_hello()
234 	if (end != pos) {  in tls_process_server_hello()
236 			    "end of ServerHello", pos, end - pos);  in tls_process_server_hello()
357 	const u8 *pos, *end;  in tls_process_certificate()  local
371 	pos = in_data;  in tls_process_certificate()
381 	type = *pos++;  in tls_process_certificate()
382 	len = WPA_GET_BE24(pos);  in tls_process_certificate()
383 	pos += 3;  in tls_process_certificate()
425 	end = pos + len;  in tls_process_certificate()
427 	if (end - pos < 3) {  in tls_process_certificate()
434 	list_len = WPA_GET_BE24(pos);  in tls_process_certificate()
435 	pos += 3;  in tls_process_certificate()
437 	if ((size_t) (end - pos) != list_len) {  in tls_process_certificate()
441 			   (unsigned long) (end - pos));  in tls_process_certificate()
447 	while (pos < end) {  in tls_process_certificate()
448 		if (end - pos < 3) {  in tls_process_certificate()
457 		cert_len = WPA_GET_BE24(pos);  in tls_process_certificate()
458 		pos += 3;  in tls_process_certificate()
460 		if ((size_t) (end - pos) < cert_len) {  in tls_process_certificate()
464 				   (unsigned long) (end - pos));  in tls_process_certificate()
476 			if (tls_parse_cert(pos, cert_len,  in tls_process_certificate()
487 		cert = x509_certificate_parse(pos, cert_len);  in tls_process_certificate()
506 		pos += cert_len;  in tls_process_certificate()
668 	const u8 *pos, *end, *server_params, *server_params_end;  in tlsv1_process_diffie_hellman()  local
675 	pos = buf;  in tlsv1_process_diffie_hellman()
678 	if (end - pos < 3)  in tlsv1_process_diffie_hellman()
680 	server_params = pos;  in tlsv1_process_diffie_hellman()
681 	val = WPA_GET_BE16(pos);  in tlsv1_process_diffie_hellman()
682 	pos += 2;  in tlsv1_process_diffie_hellman()
683 	if (val == 0 || val > (size_t) (end - pos)) {  in tlsv1_process_diffie_hellman()
688 	bits = count_bits(pos, conn->dh_p_len);  in tlsv1_process_diffie_hellman()
693 			    pos, conn->dh_p_len);  in tlsv1_process_diffie_hellman()
696 	conn->dh_p = os_memdup(pos, conn->dh_p_len);  in tlsv1_process_diffie_hellman()
699 	pos += conn->dh_p_len;  in tlsv1_process_diffie_hellman()
703 	if (end - pos < 3)  in tlsv1_process_diffie_hellman()
705 	val = WPA_GET_BE16(pos);  in tlsv1_process_diffie_hellman()
706 	pos += 2;  in tlsv1_process_diffie_hellman()
707 	if (val == 0 || val > (size_t) (end - pos))  in tlsv1_process_diffie_hellman()
710 	conn->dh_g = os_memdup(pos, conn->dh_g_len);  in tlsv1_process_diffie_hellman()
713 	pos += conn->dh_g_len;  in tlsv1_process_diffie_hellman()
719 	if (end - pos < 3)  in tlsv1_process_diffie_hellman()
721 	val = WPA_GET_BE16(pos);  in tlsv1_process_diffie_hellman()
722 	pos += 2;  in tlsv1_process_diffie_hellman()
723 	if (val == 0 || val > (size_t) (end - pos))  in tlsv1_process_diffie_hellman()
726 	conn->dh_ys = os_memdup(pos, conn->dh_ys_len);  in tlsv1_process_diffie_hellman()
729 	pos += conn->dh_ys_len;  in tlsv1_process_diffie_hellman()
732 	server_params_end = pos;  in tlsv1_process_diffie_hellman()
750 			if (end - pos < 2)  in tlsv1_process_diffie_hellman()
752 			if ((pos[0] != TLS_HASH_ALG_SHA256 &&  in tlsv1_process_diffie_hellman()
753 			     pos[0] != TLS_HASH_ALG_SHA384 &&  in tlsv1_process_diffie_hellman()
754 			     pos[0] != TLS_HASH_ALG_SHA512) ||  in tlsv1_process_diffie_hellman()
755 			    pos[1] != TLS_SIGN_ALG_RSA) {  in tlsv1_process_diffie_hellman()
757 					   pos[0], pos[1]);  in tlsv1_process_diffie_hellman()
762 				conn->rl.tls_version, pos[0],  in tlsv1_process_diffie_hellman()
766 			pos += 2;  in tlsv1_process_diffie_hellman()
785 					 hash, hlen, pos, end - pos,  in tlsv1_process_diffie_hellman()
801 					     const u8 *pos, size_t len)  in tls_process_certificate_status_ocsp_response()  argument
803 	const u8 *end = pos + len;  in tls_process_certificate_status_ocsp_response()
807 	if (end - pos < 3) {  in tls_process_certificate_status_ocsp_response()
812 	ocsp_resp_len = WPA_GET_BE24(pos);  in tls_process_certificate_status_ocsp_response()
813 	pos += 3;  in tls_process_certificate_status_ocsp_response()
814 	if (end - pos < ocsp_resp_len) {  in tls_process_certificate_status_ocsp_response()
820 	return tls_process_ocsp_response(conn, pos, ocsp_resp_len);  in tls_process_certificate_status_ocsp_response()
827 	const u8 *pos, *end;  in tls_process_certificate_status()  local
843 	pos = in_data;  in tls_process_certificate_status()
854 	type = *pos++;  in tls_process_certificate_status()
855 	len = WPA_GET_BE24(pos);  in tls_process_certificate_status()
856 	pos += 3;  in tls_process_certificate_status()
867 	end = pos + len;  in tls_process_certificate_status()
889 	if (end - pos < 1) {  in tls_process_certificate_status()
894 	status_type = *pos++;  in tls_process_certificate_status()
900 			conn, pos, end - pos);  in tls_process_certificate_status()
914 		if (end - pos < 3) {  in tls_process_certificate_status()
920 		resp_len = WPA_GET_BE24(pos);  in tls_process_certificate_status()
921 		pos += 3;  in tls_process_certificate_status()
922 		if (end - pos < resp_len) {  in tls_process_certificate_status()
929 		end = pos + resp_len;  in tls_process_certificate_status()
931 		while (end - pos >= 3) {  in tls_process_certificate_status()
932 			resp_len = WPA_GET_BE24(pos);  in tls_process_certificate_status()
933 			pos += 3;  in tls_process_certificate_status()
934 			if (resp_len > end - pos) {  in tls_process_certificate_status()
937 					   resp_len, (int) (end - pos));  in tls_process_certificate_status()
944 				conn, pos - 3, resp_len + 3);  in tls_process_certificate_status()
949 			pos += resp_len;  in tls_process_certificate_status()
1025 	const u8 *pos, *end;  in tls_process_server_key_exchange()  local
1038 	pos = in_data;  in tls_process_server_key_exchange()
1048 	type = *pos++;  in tls_process_server_key_exchange()
1049 	len = WPA_GET_BE24(pos);  in tls_process_server_key_exchange()
1050 	pos += 3;  in tls_process_server_key_exchange()
1061 	end = pos + len;  in tls_process_server_key_exchange()
1094 	wpa_hexdump(MSG_DEBUG, "TLSv1: ServerKeyExchange", pos, len);  in tls_process_server_key_exchange()
1098 		if (tlsv1_process_diffie_hellman(conn, pos, len,  in tls_process_server_key_exchange()
1122 	const u8 *pos, *end;  in tls_process_certificate_request()  local
1134 	pos = in_data;  in tls_process_certificate_request()
1144 	type = *pos++;  in tls_process_certificate_request()
1145 	len = WPA_GET_BE24(pos);  in tls_process_certificate_request()
1146 	pos += 3;  in tls_process_certificate_request()
1157 	end = pos + len;  in tls_process_certificate_request()
1186 	const u8 *pos, *end;  in tls_process_server_hello_done()  local
1198 	pos = in_data;  in tls_process_server_hello_done()
1208 	type = *pos++;  in tls_process_server_hello_done()
1209 	len = WPA_GET_BE24(pos);  in tls_process_server_hello_done()
1210 	pos += 3;  in tls_process_server_hello_done()
1220 	end = pos + len;  in tls_process_server_hello_done()
1253 	const u8 *pos;  in tls_process_server_change_cipher_spec()  local
1286 	pos = in_data;  in tls_process_server_change_cipher_spec()
1295 	if (*pos != TLS_CHANGE_CIPHER_SPEC) {  in tls_process_server_change_cipher_spec()
1297 			   "received data 0x%x", *pos);  in tls_process_server_change_cipher_spec()
1312 	*in_len = pos + 1 - in_data;  in tls_process_server_change_cipher_spec()
1323 	const u8 *pos, *end;  in tls_process_server_finished()  local
1336 	pos = in_data;  in tls_process_server_finished()
1348 	if (pos[0] != TLS_HANDSHAKE_TYPE_FINISHED) {  in tls_process_server_finished()
1350 			   "type 0x%x", pos[0]);  in tls_process_server_finished()
1356 	len = WPA_GET_BE24(pos + 1);  in tls_process_server_finished()
1358 	pos += 4;  in tls_process_server_finished()
1369 	end = pos + len;  in tls_process_server_finished()
1379 		    pos, TLS_VERIFY_DATA_LEN);  in tls_process_server_finished()
1435 	if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {  in tls_process_server_finished()
1457 	const u8 *pos;  in tls_process_application_data()  local
1468 	pos = in_data;  in tls_process_application_data()
1472 		    pos, left);  in tls_process_application_data()
1476 		os_memcpy(*out_data, pos, left);  in tls_process_application_data()